Security updates available for Adobe Experience Manager

Summary

Adobe has released security updates for Adobe Experience Manager. These updates resolve three important input validation issues that could be used in cross-site scripting attacks (CVE-2016-7882, CVE-2016-7883 and CVE-2016-7884), and include an update to protect users from an important Cross-Site Request Forgery vulnerability (CVE-2016-7885).

Affected Versions

Product

Affected Versions

Platform

6.2

All

Adobe Experience Manager

6.1

All

6.0

All

Solution

Adobe recommends customers with on-premise deployments install the available updates referenced below. Furthermore, customers should review and implement the steps outlined in the Security Checklists for versions 6.2, 6.1 or 6.0.

Acknowledgments

Adobe would like to thank Daniel Hamid for reporting CVE-2016-7882 and for working with Adobe to help protect our customers. CVE-2016-7883, CVE-2016-7884 and CVE-2016-7885 were anonymously reported.

Revisions

December 14, 2016: modified the impacted platforms to All (previously stated Windows, Unix, Linux and OS X). Also included a note to clarify that Hotfix 12444 was previously included with AEM 6.1 SP2 CFP2.